Latest news with #dataprivacy
Reuters
5 hours ago
- Business
- Reuters
Meta investors settlement with Zuckerberg takes heat off Delaware
WILMINGTON, Delaware, July 21 (Reuters) - A last-minute settlement between Meta Platforms (META.O), opens new tab shareholders and the company's leadership last week ended an $8 billion trial and spared Mark Zuckerberg from testifying about alleged violations of Facebook users' data. It also took the heat off the state of Delaware, which has been plagued by criticism from technology and business leaders. The second day of the eight-day trial in Delaware's Court of Chancery was about to start on Thursday when the legal team for the shareholder plaintiffs announced they had reached a deal to resolve the case. The terms are still being hammered out, but the agreement ends a case that had the potential to fuel a trend of companies abandoning the state as their legal home. Since last year, Elon Musk and other business leaders have attacked the state's courts, once the key reason companies incorporated in Delaware, for rulings that they say made it easier for shareholders to sue directors. Musk encouraged companies to leave the state and in the past year Dropbox(DBX.O), opens new tab, Trump Media & Technology(DJT.O), opens new tab, Roblox(RBLX.N), opens new tab and Simon Property Group(SPG.N), opens new tab were among the large public companies that reincorporated outside Delaware, a trend dubbed "Dexit." Critics claim the state's courts are biased against company founders -- an uncomfortable backdrop for the Meta case, whose 11 defendants included the billionaires Zuckerberg, Sheryl Sandberg, Marc Andreessen, Palantir Technologies(PLTR.O), opens new tab co-founder Peter Thiel and Reed Hastings, who co-founded Netflix(NFLX.O), opens new tab. A ruling that spared the defendants might have given the impression the court caved to pressure to let them off the hook, while one that favored the plaintiffs could have led to further calls for companies to leave Delaware. "It was going to be really awkward for the court," said Ann Lipton, a professor at Colorado Law School. Meta, which owns Facebook, Instagram and WhatsApp, and lawyers for Meta investors and the defendants did not respond to requests for comment. Meta shareholders alleged current and former officers and directors of Facebook were liable for failing to protect users' data. The shareholder plaintiffs wanted the court to order the defendants to use their personal fortune to reimburse the company for the $8 billion in legal costs that Facebook had shelled out for violating user privacy, including a $5 billion fine paid to the Federal Trade Commission in 2019. The case put a spotlight on Delaware courts and the judge handling the case, Chancellor Kathaleen McCormick, who gained prominence last year for rescinding Musk's $56 billion pay package from Tesla(TSLA.O), opens new tab. That ruling is on appeal. Adding to the high stakes, Andreessen's venture capital firm, Andreessen Horowitz, said earlier this month it was moving its incorporation to Nevada from Delaware and encouraged other companies to follow. "In particular, Delaware courts can at times appear biased against technology startup founders and their boards," said a blog post on the firm's website, citing McCormick's Musk pay ruling. The firm did not respond to a request for comment. Earlier this year, representatives from Meta met with Delaware's governor and soon after the state changed its widely used corporate law to make it harder for shareholders to sue corporate boards over deals with controlling shareholders like Zuckerberg. Delaware's political leaders said the changes were meant to keep Meta and other companies from fleeing the state. Delaware gets more than a quarter of its budget revenue from fees associated with chartering businesses. Despite the new law, some companies, like Affirm Holdings(AFRM.O), opens new tab, still opted to leave, saying it was unclear how it would be interpreted by Delaware courts. Lawrence Cunningham, director of the Weinberg Center for Corporate Governance in Delaware, said the Meta shareholder settlement highlighted the strengths of the Delaware court in handling a complicated case and guiding it to a resolution, which might be hard to replicate elsewhere. "It was a very desired judicial outcome," he said of the case.
Fox News
2 days ago
- Business
- Fox News
McDonald's AI hiring chatbot exposed data of job candidates
Many companies now rely on AI to handle parts of the hiring process. Bots screen resumes, filter candidates, and manage preliminary communication before a human steps in. McDonald's utilizes an AI-powered hiring platform called McHire, which is powered by chatbot, Olivia, to streamline its recruitment process. While AI brings convenience, it also comes with data privacy risks. This became clear when two security researchers responsibly disclosed a critical vulnerability that exposed a small number of candidate records, despite some early reports suggesting a much larger breach. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my On June 30, 2025, security researchers Ian Carroll and Sam Curry discovered a vulnerability in a test account related to a single client instance, which serves McDonald's. Using weak, outdated credentials, they accessed a testing portal and discovered an unauthenticated API endpoint tied to chat interaction records. They retrieved seven chat logs, five of which included U.S.-based candidate information such as: The remaining two records did not include any personal data. Notably, no full job applications, Social Security numbers, or financial information were exposed, and sensitive fields remained protected. responded swiftly, disabling the test account immediately and patching the exposed endpoint within hours of notification. In a public statement, the company confirmed that only five candidate records containing personal information were accessed, and only by the two researchers who ethically disclosed the issue. The company claims the incident impacted only one Paradox client, believed to be McDonald's, and no other clients or systems were affected. There is no evidence of malicious access or that any data was ever leaked or made publicly available. The company went on to say that, "We are confident that, based on our records, this test account was not accessed by any third party other than the security researchers." admitted the test account, set up before 2019, should have been decommissioned, and that legacy credentials no longer met current password standards. In response to the incident, the company has: In response, McDonald's issued a statement: "We're disappointed by this unacceptable vulnerability from a third-party provider, As soon as we learned of the issue, we mandated to remediate the issue immediately, and it was resolved on the same day it was reported to us. We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection." Early reports suggested that the vulnerability could have exposed up to 64 million job applications. However, researchers never confirmed this number and investigation did not find any indication that large-scale data scraping occurred. The only records accessed were the seven chat samples pulled by the researchers to verify the issue. We reached out to and a rep told us: "Our public post should serve as Paradox's official statement. It provides context, as well as some clarification of inaccuracies published in other media." Consistent with their statement, emphasized that only five candidate records containing personal information were accessed by the security researchers, and there is no evidence of a mass breach or any data being made public. While the underlying vulnerability was real, only a very limited scope of data was actually accessed, thanks to the actions of the researchers and the vendor's rapid response. While the researchers accessed personal information in five records, there is no evidence that attackers ever exploited this data. However, hypothetically, such data could be used for various scams, such as: The nature of the exposed data makes it sensitive, even if the scope was limited. The McHire breach shows how easily personal information can be exposed when AI tools collect job application data. These six steps can help you protect your information before, during, and after applying. Only share the information needed to complete the application. Do not provide sensitive details like your Social Security Number, bank account information, or full home address unless you are certain the platform is legitimate and secure. An alias email address is an additional email address that can be used to receive emails in the same mailbox as the primary email address. It acts as a forwarding address, directing emails to the primary email address. It also keeps your job search organized, helps you spot scams quickly, and reduces the damage if a company mishandles your data. See my review of best secure and private email services at Before you fill out any forms, check that the website URL begins with https:// and that the site looks secure and professional. Avoid platforms or bots that ask vague or repetitive questions or redirect you without a clear reason Incidents like the McHire breach show how easily personal details can be exposed-even when you think you're just applying for a job. A data-removal service helps reduce your online footprint by scanning hundreds of data broker sites and requesting the removal of your information. This lowers the risk of your personal data being leaked, exploited in phishing scams, or used for impersonation. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting a free scan to find out if your personal information is already out on the web: If you create accounts on hiring platforms, avoid reusing passwords from other services. A weak or reused password can make it easier for attackers to compromise your data if a site is breached. Consider using a password manager to generate and store secure passwords. Check out the best expert-reviewed password managers of 2025 at After applying for jobs, stay alert for emails or texts that seem "off." Scammers often use leaked data to impersonate recruiters or employers, especially after high-profile breaches. Watch for fake onboarding requests or messages asking for sensitive information like bank details or IDs. When in doubt, verify directly with the company. This incident was a serious but limited security issue. Thanks to responsible disclosure by researchers and rapid response, the exposure was contained to just five candidate records, and no personal data was leaked or misused. That said, the event is a reminder: when AI is involved in hiring, data privacy must remain a top concern. Even small oversights, like a forgotten test account, can put real people's data at risk. Do you think more transparency is needed from companies when your data is involved in the hiring process? Let us know by writing us at Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my Copyright 2025 All rights reserved.
Wall Street Journal
4 days ago
- Business
- Wall Street Journal
TNB Tech Minute: Meta Directors and Shareholders Settle Privacy Suit - Tech News Briefing
Full Transcript This transcript was prepared by a transcription service. This version may not be in its final form and may be updated. Ariana Aspuru: Here's your afternoon TNB Tech Minute for Thursday, July 17th. I'm Ariana Aspuru for the Wall Street Journal. Current and former Meta directors and shareholders have reached a settlement in their data privacy lawsuit, ending the trial on its second day. This means the executives and board members will avoid testifying about their response to the Cambridge Analytica scandal. In 2018, a group of shareholders sued some members of the board of what was then known as Facebook, including Chief Executive Mark Zuckerberg and former Chief Operating Officer Cheryl Sandberg. The plaintiffs said the directors didn't ensure the company protected its users' data. Terms for the settlement weren't disclosed. Open AI has launched a chat GPT Agent which lets users automate tasks like online shopping, creating spreadsheets, and PowerPoint presentations. The agent works just like Open AI's existing operator agent by accessing the internet through its own browser. But the new agent is equipped with "deep" research capabilities that allow for it to work with larger amounts of information it gathers from the web. The company said it'll be available to Pro, Plus, and Team users today and available for Enterprise and Education users later this summer. And finally, defense tech startup Hadrian said it raised $260 million in debt and equity to expand production of its critical defense components and complete a 270,000 square foot factory in Arizona. President Trump wants to speed up America's lagging munitions production and revitalize deteriorated shipyards. Hadrian aims to do just that with the help of workforce robots and is now armed with this fresh funding to boost it. Backers of the deal include Founders Fund, Lux Capital, and Morgan Stanley. And that's a wrap on your Tech Minute today. For a deeper dive into what's happening in tech, check out tomorrow's Tech News Briefing podcast.
Fox News
4 days ago
- Business
- Fox News
Temu sued by Kentucky for allegedly giving China ‘unfettered' access to user data
FIRST ON FOX: Kentucky's attorney general filed a lawsuit Thursday against e-commerce giant Temu, alleging that its app illegally gives the Chinese government access to Americans' user data and that the company lifts intellectual property from U.S.-owned companies. In a complaint filed in Woodford County Circuit Court, state attorneys asked for an injunction against Temu, an Amazon rival with a China-originating parent company, for what they described as "multifold" harms. Kentucky investigators identified "code-level behaviors" in the Temu app that involved the collection of users' sensitive personal data in a manner that was not secure, in violation of state consumer protection laws, the attorneys said. "These privacy and security harms are compounded both because the Temu app is purposely designed to evade detection … and because Defendants — by their own [acknowledgment] — have a portion of their operations located on mainland China, where cybersecurity laws allow the government unfettered access to data owned by Chinese businesses whenever it wishes," the attorneys wrote. The complaint alleged that Temu improperly collects users' Wi-Fi and GPS information, as well as camera data without appropriate permission. The attorneys also alleged that Temu brazenly sells products using stolen intellectual property of large and small brands, including that of Kentucky's historic horse racetrack in Louisville. "As of the date of this filing, Temu features dozens of what appear to be unlicensed products claiming to be from Kentucky brands like the University of Kentucky, University of Louisville, Buffalo Trace Distillery and Churchill Downs," the complaint reads. Temu's parent company is PDD Holdings, which originated in China but moved to Ireland. Before launching Temu in the United States in 2022, PDD Holdings founded Temu's sister company, Pinduoduo, a Chinese online retailer. Temu has become known for its heavily discounted products and aggressive advertising strategy, which included three multimillion-dollar animated Super Bowl ads last year. Temu was Apple's most downloaded free app in 2023, according to TechCrunch. Temu's tagline is "Shop like a billionaire," though its pricing structure has in recent months been disrupted by Trump's trade war with China. Kentucky Attorney General Russell Coleman said the company's "cheap products and flashy marketing" distract from more insidious problems. "Their platform can infect Kentuckians' devices with malware, steal their personal data and send it directly to the Chinese government," Coleman, an elected Republican and former U.S. attorney, said in a statement. "At the same time, they're eroding trust in some of Kentucky's most iconic brands, which could lead to job losses and hardship." The lawsuit is the latest instance of Temu coming under scrutiny, mainly by Republicans, for its ties to China, a top U.S. adversary. Last year, 20 GOP state attorneys general demanded information from Temu's ownership about allegations brought by Congress that its China-based suppliers used forced labor. Temu denied the claim at the time. Fox News Digital reached out to Temu for comment.
TechCrunch
4 days ago
- Business
- TechCrunch
Confident Security, ‘the Signal for AI,' comes out of stealth with $4.2M
As consumers, businesses, and governments flock to the promise of cheap, fast, and seemingly magical AI tools, one question keeps getting in the way: How do I keep my data private? Tech giants like OpenAI, Anthropic, xAI, Google, and others are quietly scooping up and retaining user data to improve their models or monitor for safety and security, even in some enterprise contexts where companies assume their information is off limits. For highly regulated industries or companies building on the frontier, that gray area could be a dealbreaker. Fears about where data goes, who can see it, and how it might be used are slowing AI adoption in sectors like healthcare, finance, and government. Enter San Francisco-based startup Confident Security, which aims to be 'the Signal for AI.' The company's product, CONFSEC, is an end-to-end encryption tool that wraps around foundational models, guaranteeing that prompts and metadata can't be stored, seen, or used for AI training, even by the model provider or any third party. 'The second that you give up your data to someone else, you've essentially reduced your privacy,' Jonathan Mortensen, founder and CEO of Confident Security, told TechCrunch. 'And our product's goal is to remove that trade-off.' Confident Security came out of stealth on Thursday with $4.2 million in seed funding from Decibel, South Park Commons, Ex Ante, and Swyx, TechCrunch has exclusively learned. The company wants to serve as an intermediary vendor between AI vendors and their customers – like hyperscalers, governments, and enterprises. Even AI companies could see the value in offering Confident Security's tool to enterprise clients as a way to unlock that market, said Mortensen. He added that CONFSEC is also well-suited for new AI browsers hitting the market, like Perplexity's recently released Comet, to give customers guarantees that their sensitive data isn't being stored on a server somewhere that the company or bad actors could access, or that their work-related prompts aren't being used to 'train AI to do your job.' CONFSEC is modeled after Apple's Private Cloud Compute (PCC) architecture, which Mortensen says 'is 10x better than anything out there in terms of guaranteeing that Apple cannot see your data' when it runs certain AI tasks securely in the cloud. Techcrunch event Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital — just a few of the heavy hitters joining the Disrupt 2025 agenda. They're here to deliver the insights that fuel startup growth and sharpen your edge. Don't miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $675 before prices rise. Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital — just a few of the heavy hitters joining the Disrupt 2025 agenda. They're here to deliver the insights that fuel startup growth and sharpen your edge. Don't miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $675 before prices rise. San Francisco | REGISTER NOW Like Apple's PCC, Confident Security's system works by first anonymizing data by encrypting and routing it through services like Cloudflare or Fastly, so servers never see the original source or content. Next, it uses advanced encryption that only allows decryption under strict conditions. 'So you can say you're only allowed to decrypt this if you are not going to log the data, and you're not going to use it for training, and you're not going to let anyone see it,' Mortensen said. Finally, the software running the AI inference is publicly logged and open to review so that experts can verify its guarantees. 'Confident Security is ahead of the curve in recognizing that the future of AI depends on trust built into the infrastructure itself,' Jess Leao, partner at Decibel, said in a statement. 'Without solutions like this, many enterprises simply can't move forward with AI.' It's still early days for the year-old company, but Mortensen said CONFSEC has been tested, externally audited, and is production-ready. The team is in talks with banks, browsers, and search engines, among other potential clients, to add CONFSEC to their infrastructure stacks. 'You bring the AI, we bring the privacy,' said Mortensen.
